In this guide, we’ll cover common issues you may run into when generating a signature for the Zoom Meeting SDK.
The Zoom Meeting SDK uses a JSON Web Token (JWT) signature to authorize the SDK and validate your client’s requests to start or join a meeting.
Documentation on this is available here: Meeting SDK Authorization.
We also have a sample signature application which can be used as a good starting point: Sample Meeting SDK Signature App - Node JS
If the signature provided is invalid, the SDK will most commonly respond with one of the following error messages:
Invalid signature tokens
Signature tokens may be invalid if they are missing expected formats or fields. If you have an invalid signature, verify the following:
- The token has all required fields.
- Values in the token are correct
- The token
exp
date matches the expected rules.
Timestamps and expired tokens
Zoom uses Unix Epoch time to determine the creation and expiration time of the token.
The Meeting SDK expects a minimum JWT exp
date of 1800 seconds (30 mins) greater than iat
value and a maximum value of 48 hours greater than the iat
value.
When checking timestamps and expiration, ensure the following:
-
iat
value is the current time. -
iat
value is long format, not a string. -
tokenExp
orexp
should be in Unix Epoch time. -
exp
value is greater thantokenExp
.
Ensure your server clock has not drifted, and verify the token’s validity period. Epochconverter provides an easy-to-use interface for getting the current date and time in epoch format and future dates.
Example Meeting SDK JWT payloads
The header for the Meeting SDK JWT will be the same across all platforms; however, the payload properties for Mobile/Desktop and Web are slightly different. See examples below:
Web SDK signature payload
For the Web Meeting SDK, include the sdkKey, mn, role, iat, exp, and tokenExp properties. The values for exp and tokenExp will be the same.
{
"sdkKey": SDK_KEY,
"mn": MEETING_NUMBER,
"role": ROLE,
"iat": 1646937553,
"exp": 1646944753,
"tokenExp": 1646944753
}
Mobile/Desktop SDK signature payloads
For apps built using a mobile or desktop Meeting SDK (iOS, Android, macOS, Windows, Electron), include the appKey, exp, and tokenExp properties. The values for exp and tokenExp will be the same.
{
"appKey": SDK_KEY,
"iat": 1646937553,
"exp": 1646944753,
"tokenExp": 1646944753
}
Web and Mobile/Desktop signatures
For a signature generation function that works across web, mobile, and desktop platforms, include the appKey, sdkKey, exp, tokenExp, mn, and role properties. The values for appKey and sdkKey will be the same, and the values for exp and tokenExp will be the same.
{
"appKey": SDK_KEY,
"sdkKey": SDK_KEY,
"mn": MEETING_NUMBER,
"role": ROLE,
"iat": 1646937553,
"exp": 1646944753,
"tokenExp": 1646944753
}
Steps to troubleshoot
1. Reproduce with the sample Node.js app
If you are generating a signature in your application and still getting an invalid signature error, the best first step is to test your credentials with the sample app. For a low-effort way to test manually, take the generated signature from the sample app and enter the signature property value for the SDK. This helps to compare your signature and isolate whether your function is generating the signature correctly.
2. Verify with JWT.io
JWT.io provides an excellent tool to decode and debug a JSON Web Token. You can use this tool to verify your token’s structure or build a token using a header and payload.
The header includes the signing algorithm and the token type. The payload section describes the authorization granted. It contains the token’s claims, the information passed about the user, and any metadata required.
If signature validation is failing, use JWT.io to decode the signature and verify its format and property values. Here is a demo of what that looks like :
3. If that doesn’t work, here are common issues we’ve seen:
- Make sure you’re using a Meeting SDK app type, not OAuth or server-to-server OAuth.
- If you’re using
Math.round()
in JavaScript, verify that you’re not returning a timestamp 10-30 seconds greater than your intended value. - Verify the local time on your computer is auto-syncing the system time correctly. It is recommended to generate the signature on the server side, in UTC / GMT to avoid timezone/time sync issues, and also to keep your Client Secret, Secret!
- Verify the JSON header or payload uses curly quotes instead of straight quotes.
- Verify
tokenExp
is larger thanexp
- Verify timestamps are in Unix epoch format and satisfy the following: